Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix OAuth2 Error Code 

Closes gh-10319
This commit is contained in:
Josh Cummings 2021-09-28 13:24:51 -06:00
parent cae8990046
commit 1f919bc791
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/JwtTimestampValidator.java
View File

@ -90,7 +90,7 @@ public final class JwtTimestampValidator implements OAuth2TokenValidator<Jwt> {
private OAuth2Error createOAuth2Error(String reason) { private OAuth2Error createOAuth2Error(String reason) {
this.logger.debug(reason); this.logger.debug(reason);
return new OAuth2Error(OAuth2ErrorCodes.INVALID_REQUEST, reason, return new OAuth2Error(OAuth2ErrorCodes.INVALID_TOKEN, reason,
"https://tools.ietf.org/html/rfc6750#section-3.1"); "https://tools.ietf.org/html/rfc6750#section-3.1");
} }

2
oauth2/oauth2-jose/src/test/java/org/springframework/security/oauth2/jwt/JwtTimestampValidatorTests.java
View File

@ -28,6 +28,7 @@ import java.util.stream.Collectors;
import org.junit.Test; import org.junit.Test;
import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult; import org.springframework.security.oauth2.core.OAuth2TokenValidatorResult;
import org.springframework.security.oauth2.jose.jws.JwsAlgorithms; import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
@ -109,6 +110,7 @@ public class JwtTimestampValidatorTests {
.collect(Collectors.toList()); .collect(Collectors.toList());
// @formatter:on // @formatter:on
assertThat(result.hasErrors()).isTrue(); assertThat(result.hasErrors()).isTrue();
assertThat(result.getErrors().iterator().next().getErrorCode()).isEqualTo(OAuth2ErrorCodes.INVALID_TOKEN);
assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow); assertThat(messages).contains("Jwt used before " + justOverOneDayFromNow);
} }